CVE-2023-22931 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Splunk	CNA	4.3 MEDIUM				CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 39%

Affected Products (NVD)

Vendor	Product	Version
splunk	splunk	8.1.0 ≤ 𝑥 < 8.1.13
splunk	splunk	8.2.0 ≤ 𝑥 < 8.2.10
splunk	splunk_cloud_platform	𝑥 < 8.2.2203

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-285 - Improper Authorization
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References

https://advisory.splunk.com/advisories/SVD-2023-0201

https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/

https://advisory.splunk.com/advisories/SVD-2023-0201

https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/